| |
It's important to mention that NFS version 2 and 3 have some very clear
security limitations. They were designed to be used in a specific
environment -- a secure, trusted LAN. In particular, NFS 2 and 3 were
designed to be used on a LAN where "root" access to the machine is only
allowed by administrators. Due to the design of NFS 2 and NFS 3, if a
malicious user has "root" access to a machine on your LAN, he or she will
be capable of bypassing NFS security and very likely be able to access or
even modify files on the NFS server that he or she wouldn't normally be
able to otherwise. For this reason, NFS should not be deployed casually.
If you're going to use NFS on your LAN, great -- but set up a firewall
first. Make sure that people outside your LAN won't be able to access
your NFS server. Then, make sure that your internal LAN is relatively
secure, and that you are fully aware of all the hosts participating in
your LAN. Once your LAN's security has been thoroughly reviewed and (if
necessary) improved, you're ready to safely use NFS (see Part 7 of this
tutorial series for more on this).
|